JavaScript Magic Tricks: Mutable Eval

WangLiwen - Oct 7 '23 - Dev Community

In JavaScript development, eval is often used in gray-area code to execute something that is not meant to be seen by others.

However, eval is conspicuous: whatever it is used for, it is easy to spot in the source, and it puts readers on alert.
eval can also appear in mutated forms, though. The following line is also eval, but can you identify it as such?

Mutated Eval:

window[(14).toString(32)+(31).toString(32)+(10).toString(32)+(21).toString(32)]

How could such a strange string be Eval? Let's take a look at the technical principle of mutated Eval:

1. eval() is equivalent to window.eval().
2. window.eval() is equivalent to window["eval"]().
3. "eval" can be split into single characters: window["e"+"v"+"a"+"l"].
4. "e"+"v"+"a"+"l" can be written as: (14).toString(32)+(31).toString(32)+(10).toString(32)+(21).toString(32).
5. How do we get the numbers in step 4? With parseInt:
parseInt("e",36) = 14;
parseInt("v",36) = 31;
parseInt("a",36) = 10;
parseInt("l",36) = 21;
6. Finally, eval is transformed into the following (radix 32 and radix 36 produce the same letters here, because all four values are below 32):
window[(14).toString(36)+(31).toString(36)+(10).toString(36)+(21).toString(36)];

Can it still be used normally? Yes, of course.
Here are two examples:

Example 1:

window[(14).toString(32)+(31).toString(32)+(10).toString(32)+(21).toString(32)]("console.log('test');");

Example 2:

window[(14).toString(32)+(31).toString(32)+(10).toString(32)+(21).toString(32)]("var a=1;var b=2;var c=3;console.log(a+b+c);");

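Further mutation:
If the JS code above is obfuscated with JShaman JavaScript Obfuscator, more complex forms can be obtained. In the result below, each number is hidden behind an XOR expression, toString, split, reverse and join are written as hex-escaped strings, and the code passed to eval is stored reversed.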

window[(748953 ^ 748951)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](239241 ^ 239273) + (151757 ^ 151762)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](430630 ^ 430598) + (671610 ^ 671600)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](930617 ^ 930585) + (944302 ^ 944315)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](186206 ^ 186238)](";)c+b+a(gol.elosnoc;3=c rav;2=b rav;1=a rav"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));

At this point, who would have guessed that this was an eval?
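
For code review and detection, these mutations can be undone without running anything. The following is an added example, not code from the original article or from JShaman: it folds the constant expressions as plain text and reports a computed reference to eval that a search for the word "eval" would miss. The function names and the two control samples are assumptions made for illustration.

```javascript
// Added example: constant folding by text rewriting. The input is never executed.
function foldConstants(src) {
  let prev;
  do {
    prev = src;
    src = src
      // '\x74\x6f\x53...' -> 'toS...'
      .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
      // 748953 ^ 748951 -> 14
      .replace(/\b(\d+)\s*\^\s*(\d+)\b/g, (_, a, b) => String(Number(a) ^ Number(b)))
      // (14).toString(32) or (14)['toString'](32) -> "e"
      .replace(
        /\((\d+)\)\s*(?:\.toString|\[\s*['"]toString['"]\s*\])\s*\(\s*(\d+)\s*\)/g,
        (m, n, r) => {
          const radix = Number(r);
          return radix >= 2 && radix <= 36 ? JSON.stringify(Number(n).toString(radix)) : m;
        })
      // "e" + "v" -> "ev" (repeated passes join longer chains)
      .replace(/"([^"\\]*)"\s*\+\s*"([^"\\]*)"/g, (_, a, b) => `"${a}${b}"`);
  } while (src !== prev);
  return src;
}

// Reports whether the folded text reaches eval through a computed property,
// and whether a plain search for the word "eval" in the original would miss it.
function analyze(src) {
  const folded = foldConstants(src);
  const computedEval = /\b(?:window|globalThis|self)\s*\[\s*["']eval["']\s*\]/.test(folded);
  const literalEval = /\beval\b/.test(src);
  return { folded, computedEval, hiddenFromGrep: computedEval && !literalEval };
}

// "radix" and "xorHex" are taken from this page (xorHex is the property access
// of the obfuscated line); "benign" and "direct" are constructed controls.
const SAMPLES = {
  radix: `window[(14).toString(32)+(31).toString(32)+(10).toString(32)+(21).toString(32)]("console.log('test');")`,
  xorHex: String.raw`window[(748953 ^ 748951)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](239241 ^ 239273) + (151757 ^ 151762)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](430630 ^ 430598) + (671610 ^ 671600)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](930617 ^ 930585) + (944302 ^ 944315)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](186206 ^ 186238)]`,
  benign: `window["al" + "ert"]("hi")`,
  direct: `eval("1 + 1")`,
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const r = analyze(src);
  console.log(name, { computedEval: r.computedEval, hiddenFromGrep: r.hiddenFromGrep }, r.folded);
}
```

The folder is a text heuristic for the specific patterns shown on this page; a production check would do the same folding on a parsed syntax tree.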
